From 1da3ae2c2b116d779921b0ed77c271d2aa3e815b Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 7 Oct 2019 18:09:20 +0200
Subject: [PATCH] [19.03] roll-back libnetwork iptables forward policy change
The patch made in docker/libnetwork#2450 caused a breaking change in the networking behaviour, causing Kubernetes installations on Docker Desktop (and possibly other setups) to fail. Rolling back this change in the 19.03 branch while we investigate if there are alternatives.
diff: https://github.com/docker/libnetwork/compare/45c710223c5fbf04dc3028b9a90b51892e36ca7f...96bcc0dae898308ed659c5095526788a602f4726
Signed-off-by: Sebastiaan van Stijn
Upstream-commit: fb0fca86077528466cc66fef20697537941ca125
Component: engine
---
 .../engine/hack/dockerfile/install/proxy.installer | 2 +-
 components/engine/vendor.conf | 2 +-
 .../libnetwork/drivers/bridge/setup_ip_forwarding.go | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/components/engine/hack/dockerfile/install/proxy.installer b/components/engine/hack/dockerfile/install/proxy.installer
index 8a3b0138bdf..1a0086f3231 100755
--- a/components/engine/hack/dockerfile/install/proxy.installer
+++ b/components/engine/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-LIBNETWORK_COMMIT=96bcc0dae898308ed659c5095526788a602f4726
+LIBNETWORK_COMMIT=45c710223c5fbf04dc3028b9a90b51892e36ca7f
 install_proxy() {
 case "$1" in
diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf
index 3538f85a939..2942c3a3dc0 100644
--- a/components/engine/vendor.conf
+++ b/components/engine/vendor.conf
@@ -38,7 +38,7 @@ github.com/gofrs/flock 7f43ea2e6a643ad441fc12d0ecc0
 # libnetwork
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork 96bcc0dae898308ed659c5095526788a602f4726
+github.com/docker/libnetwork 45c710223c5fbf04dc3028b9a90b51892e36ca7f
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
index 3db12bfd2f7..10f61a18686 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
@@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {
 if err := configureIPForwarding(true); err != nil {
 return fmt.Errorf("Enabling IP forwarding failed: %v", err)
 }
- }
-
- // Set the default policy on forward chain to drop only if the
- // daemon option iptables is not set to false.
- if enableIPTables {
+ // When enabling ip_forward set the default policy on forward chain to
+ // drop only if the daemon option iptables is not set to false.
+ if !enableIPTables {
+ return nil
+ }
 if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
 if err := configureIPForwarding(false); err != nil {
 logrus.Errorf("Disabling IP forwarding failed, %v", err)